Security Header X-Content-Type-Options and Prismic Previews

Hi there,

I have the exact issue as this topic noted below, and I was wondering if there have been any updates recently as the thread has been quiet since May.

I need to use the security header below in NextJS 12, with previews. Unfortunately, it is not working and resulting in the response noted again below.

    key: 'X-Content-Type-Options',
    value: 'nosniff'


<!DOCTYPE html><html><head><meta http-equiv="Refresh" content="0; url={response-url}/>
    <script>window.location.href = {response-url}</script>

Is there a workaround, I haven't yet migrated from the NPM module prismic-javascript > @prismicio/client. This is something I intend on doing over the next week or so.

Would this have an impact on this issue? or is this something you are still exploring a fix for?

Many thanks,


Hello @daf, thanks for bringing this to our attention.
I'll open the discussion with the team that's working on the Next kit and let you know what we conclude.


1 Like

This thread is being monitored as an open ticket in the internal Prismic issue tracker. The Prismic support team will update this post as we get more information from our dev team. If you have a similar use-case, you can ‘Flag’ this topic to reopen and add it here.